Home

CVE-2009-3265

Description

Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as scripted content. NOTE: the vendor reportedly considers this behavior a design feature, not a vulnerability.

Risk Information

Base Score
6.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.225

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Opera 10.00Windows
Multiple vulnerabilities affected in Opera 10.00 (For Ubuntu)Linux
Multiple vulnerabilities affected in Opera 10.00 (For Debian)Linux
Multiple vulnerabilities affected in Opera 10.00 (For Centos)Linux
Multiple vulnerabilities affected in Opera 10.00 (For RedHat)Linux
Multiple vulnerabilities affected in Opera 10.00 (For Suse)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234